├── README.md
└── 优化inline hook
├── 01_Inline Hook
├── 01_Inline Hook.cpp
├── 01_Inline Hook.vcxproj
├── 01_Inline Hook.vcxproj.filters
├── 01_Inline Hook.vcxproj.user
├── dllmain.cpp
├── stdafx.cpp
├── stdafx.h
└── targetver.h
├── 02_Atom Hook
├── 02_Atom Hook.cpp
├── 02_Atom Hook.vcxproj
├── 02_Atom Hook.vcxproj.filters
├── 02_Atom Hook.vcxproj.user
├── dllmain.cpp
├── stdafx.cpp
├── stdafx.h
└── targetver.h
├── 03_Semaphore Hook
├── 03_Semaphore Hook.cpp
├── 03_Semaphore Hook.vcxproj
├── 03_Semaphore Hook.vcxproj.filters
├── 03_Semaphore Hook.vcxproj.user
├── dllmain.cpp
├── stdafx.cpp
├── stdafx.h
└── targetver.h
├── 04_Hotfixes Hook
├── 04_Hotfixes Hook.cpp
├── 04_Hotfixes Hook.vcxproj
├── 04_Hotfixes Hook.vcxproj.filters
├── 04_Hotfixes Hook.vcxproj.user
├── dllmain.cpp
├── stdafx.cpp
├── stdafx.h
└── targetver.h
├── 内联Hook线程安全.sln
└── 内联Hook线程安全
├── pch.cpp
├── pch.h
├── 内联Hook线程安全.cpp
├── 内联Hook线程安全.vcxproj
├── 内联Hook线程安全.vcxproj.filters
└── 内联Hook线程安全.vcxproj.user
/README.md:
--------------------------------------------------------------------------------
1 | # thread_inline_hook
2 | 稳定多线程中的inline hook
3 | https://bbs.pediy.com/thread-252074.htm
4 |
--------------------------------------------------------------------------------
/优化inline hook/01_Inline Hook/01_Inline Hook.cpp:
--------------------------------------------------------------------------------
1 | // 01_Inline Hook.cpp : 定义 DLL 应用程序的导出函数。
2 | //
3 |
4 | #include "stdafx.h"
5 |
6 | // 原函数的地址数据
7 | BYTE g_OldData[5];
8 | // 替换后的数据
9 | BYTE g_NewData[5] = { 0xE9 };
10 |
11 | // 声明自己的函数
12 | int
13 | WINAPI
14 | MyMsg(_In_opt_ HWND hWnd,
15 | _In_opt_ LPCWSTR lpText,
16 | _In_opt_ LPCWSTR lpCaption,
17 | _In_ UINT uType);
18 |
19 | // 安装钩子
20 | void InHook()
21 | {
22 | // 保存原函数地址
23 | memcpy(g_OldData, MessageBoxW, 5);
24 |
25 | // 计算出要跳转的偏移(自己的函数地址 - 原函数地址 - 5)
26 | DWORD Offset = (DWORD)MyMsg - (DWORD)MessageBoxW - 5;
27 | *(DWORD*)(g_NewData + 1) = Offset;
28 |
29 | // 修改内存属性
30 | DWORD Protect;
31 | VirtualProtect(MessageBoxW, 5, PAGE_EXECUTE_READWRITE, &Protect);
32 |
33 | // 替换函数地址
34 | memcpy(MessageBoxW, g_NewData, 5);
35 |
36 | // 还原内存属性
37 | VirtualProtect(MessageBoxW, 5, Protect, &Protect);
38 | }
39 |
40 | // 卸载钩子
41 | void UnHook()
42 | {
43 | DWORD Protect;
44 | VirtualProtect(MessageBoxW, 5, PAGE_EXECUTE_READWRITE, &Protect);
45 | memcpy(MessageBoxW, g_OldData, 5);
46 | VirtualProtect(MessageBoxW, 5, Protect, &Protect);
47 | }
48 |
49 | // 自己的Hook函数
50 | int
51 | WINAPI
52 | MyMsg(
53 | _In_opt_ HWND hWnd,
54 | _In_opt_ LPCWSTR lpText,
55 | _In_opt_ LPCWSTR lpCaption,
56 | _In_ UINT uType)
57 | {
58 | // 替换字符串
59 | lpText = L"九阳道人内联Hook成功!";
60 | lpCaption = L"九阳道人";
61 |
62 | // 先卸载钩子
63 | UnHook();
64 | // 在调用真正的MessageBoxW函数
65 | int nRet = MessageBoxW(hWnd, lpText, lpCaption, uType);
66 | // 最后在把钩子装上
67 | InHook();
68 | return nRet;
69 | }
70 |
--------------------------------------------------------------------------------
/优化inline hook/01_Inline Hook/01_Inline Hook.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | 15.0
23 | {096079CD-D34D-41E7-BFA9-BEB0F1DDEDD3}
24 | Win32Proj
25 | My01InlineHook
26 | 10.0.17763.0
27 |
28 |
29 |
30 | DynamicLibrary
31 | true
32 | v141
33 | Unicode
34 |
35 |
36 | DynamicLibrary
37 | false
38 | v141
39 | true
40 | Unicode
41 |
42 |
43 | DynamicLibrary
44 | true
45 | v141
46 | Unicode
47 |
48 |
49 | DynamicLibrary
50 | false
51 | v141
52 | true
53 | Unicode
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 | true
75 |
76 |
77 | true
78 |
79 |
80 | false
81 |
82 |
83 | false
84 |
85 |
86 |
87 | Use
88 | Level3
89 | Disabled
90 | true
91 | WIN32;_DEBUG;MY01INLINEHOOK_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
92 | true
93 |
94 |
95 | Windows
96 | true
97 |
98 |
99 |
100 |
101 | Use
102 | Level3
103 | Disabled
104 | true
105 | _DEBUG;MY01INLINEHOOK_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
106 | true
107 |
108 |
109 | Windows
110 | true
111 |
112 |
113 |
114 |
115 | Use
116 | Level3
117 | MaxSpeed
118 | true
119 | true
120 | true
121 | WIN32;NDEBUG;MY01INLINEHOOK_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
122 | true
123 |
124 |
125 | Windows
126 | true
127 | true
128 | true
129 |
130 |
131 |
132 |
133 | Use
134 | Level3
135 | MaxSpeed
136 | true
137 | true
138 | true
139 | NDEBUG;MY01INLINEHOOK_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
140 | true
141 |
142 |
143 | Windows
144 | true
145 | true
146 | true
147 |
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
156 |
157 | Create
158 | Create
159 | Create
160 | Create
161 |
162 |
163 |
164 |
165 |
166 |
--------------------------------------------------------------------------------
/优化inline hook/01_Inline Hook/01_Inline Hook.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | 头文件
20 |
21 |
22 | 头文件
23 |
24 |
25 |
26 |
27 | 源文件
28 |
29 |
30 | 源文件
31 |
32 |
33 | 源文件
34 |
35 |
36 |
--------------------------------------------------------------------------------
/优化inline hook/01_Inline Hook/01_Inline Hook.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/优化inline hook/01_Inline Hook/dllmain.cpp:
--------------------------------------------------------------------------------
1 | // dllmain.cpp : 定义 DLL 应用程序的入口点。
2 | #include "stdafx.h"
3 |
4 | BOOL APIENTRY DllMain( HMODULE hModule,
5 | DWORD ul_reason_for_call,
6 | LPVOID lpReserved
7 | )
8 | {
9 | switch (ul_reason_for_call)
10 | {
11 | case DLL_PROCESS_ATTACH:
12 | InHook();
13 | break;
14 |
15 | case DLL_PROCESS_DETACH:
16 | UnHook();
17 | break;
18 | }
19 | return TRUE;
20 | }
21 |
22 |
--------------------------------------------------------------------------------
/优化inline hook/01_Inline Hook/stdafx.cpp:
--------------------------------------------------------------------------------
1 | #include "stdafx.h"
2 |
--------------------------------------------------------------------------------
/优化inline hook/01_Inline Hook/stdafx.h:
--------------------------------------------------------------------------------
1 | // stdafx.h: 标准系统包含文件的包含文件,
2 | // 或是经常使用但不常更改的
3 | // 项目特定的包含文件
4 | //
5 |
6 | #pragma once
7 |
8 | #include "targetver.h"
9 |
10 | #define WIN32_LEAN_AND_MEAN // 从 Windows 头文件中排除极少使用的内容
11 | // Windows 头文件
12 | #include
13 |
14 | void InHook();
15 |
16 | void UnHook();
17 |
18 | // 在此处引用程序需要的其他标头
19 |
--------------------------------------------------------------------------------
/优化inline hook/01_Inline Hook/targetver.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | // 包括 SDKDDKVer.h 将定义可用的最高版本的 Windows 平台。
4 |
5 | // 如果要为以前的 Windows 平台生成应用程序,请包括 WinSDKVer.h,并
6 | // 将 _WIN32_WINNT 宏设置为要支持的平台,然后再包括 SDKDDKVer.h。
7 |
8 | #include
9 |
--------------------------------------------------------------------------------
/优化inline hook/02_Atom Hook/02_Atom Hook.cpp:
--------------------------------------------------------------------------------
1 | // 02_Atom Hook.cpp : 定义 DLL 应用程序的导出函数。
2 | //
3 |
4 | #include "stdafx.h"
5 |
6 |
7 |
8 | // 原函数的地址数据
9 | LONGLONG g_OldAddr;
10 |
11 | // 替换后的数据
12 | BYTE g_NewData[8] = { 0xE9 };
13 |
14 | // 安装钩子
15 | void InHook()
16 | {
17 | // 1.计算出要跳转的偏移(自己的函数地址 - 原函数地址 - 5)
18 | DWORD Offset = (DWORD)MyMsg - (DWORD)MessageBoxW - 5;
19 | *(DWORD*)(g_NewData + 1) = Offset;
20 |
21 | // 2.把新地址转为长整形
22 | LONGLONG llData = *(LONGLONG*)(g_NewData);
23 |
24 | // 3.修改内存属性
25 | DWORD Protect;
26 | VirtualProtect(MessageBoxW, 8, PAGE_EXECUTE_READWRITE, &Protect);
27 |
28 | // 4.替换函数地址
29 | g_OldAddr = InterlockedExchange64((LONGLONG*)MessageBoxW, llData);
30 |
31 | // 5.还原内存属性
32 | VirtualProtect(MessageBoxW, 8, Protect, &Protect);
33 | }
34 |
35 | // 卸载钩子
36 | void UnHook()
37 | {
38 | DWORD Protect;
39 | VirtualProtect(MessageBoxW, 8, PAGE_EXECUTE_READWRITE, &Protect);
40 | InterlockedExchange64((LONGLONG*)MessageBoxW, g_OldAddr);
41 | VirtualProtect(MessageBoxW, 8, Protect, &Protect);
42 | }
43 |
44 | // 自己的Hook函数
45 | int
46 | WINAPI
47 | MyMsg(
48 | _In_opt_ HWND hWnd,
49 | _In_opt_ LPCWSTR lpText,
50 | _In_opt_ LPCWSTR lpCaption,
51 | _In_ UINT uType)
52 | {
53 | // 替换字符串
54 | lpText = L"九阳道人原子线程同步注入成功!";
55 | lpCaption = L"九阳道人";
56 |
57 | // 先卸载钩子
58 | UnHook();
59 | // 在调用真正的MessageBoxW函数
60 | int nRet = MessageBoxW(hWnd, lpText, lpCaption, uType);
61 | // 最后在把钩子装上
62 | InHook();
63 |
64 | return nRet;
65 | }
66 |
--------------------------------------------------------------------------------
/优化inline hook/02_Atom Hook/02_Atom Hook.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | 15.0
23 | {19512D3E-1352-4306-9CDA-59F0E4C8AAB9}
24 | Win32Proj
25 | My02AtomHook
26 | 10.0.17763.0
27 |
28 |
29 |
30 | DynamicLibrary
31 | true
32 | v141
33 | Unicode
34 |
35 |
36 | DynamicLibrary
37 | false
38 | v141
39 | true
40 | Unicode
41 |
42 |
43 | DynamicLibrary
44 | true
45 | v141
46 | Unicode
47 |
48 |
49 | DynamicLibrary
50 | false
51 | v141
52 | true
53 | Unicode
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 | true
75 |
76 |
77 | true
78 |
79 |
80 | false
81 |
82 |
83 | false
84 |
85 |
86 |
87 | Use
88 | Level3
89 | Disabled
90 | true
91 | WIN32;_DEBUG;MY02ATOMHOOK_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
92 | true
93 |
94 |
95 | Windows
96 | true
97 |
98 |
99 |
100 |
101 | Use
102 | Level3
103 | Disabled
104 | true
105 | _DEBUG;MY02ATOMHOOK_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
106 | true
107 |
108 |
109 | Windows
110 | true
111 |
112 |
113 |
114 |
115 | Use
116 | Level3
117 | MaxSpeed
118 | true
119 | true
120 | true
121 | WIN32;NDEBUG;MY02ATOMHOOK_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
122 | true
123 |
124 |
125 | Windows
126 | true
127 | true
128 | true
129 |
130 |
131 |
132 |
133 | Use
134 | Level3
135 | MaxSpeed
136 | true
137 | true
138 | true
139 | NDEBUG;MY02ATOMHOOK_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
140 | true
141 |
142 |
143 | Windows
144 | true
145 | true
146 | true
147 |
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
156 |
157 | Create
158 | Create
159 | Create
160 | Create
161 |
162 |
163 |
164 |
165 |
166 |
--------------------------------------------------------------------------------
/优化inline hook/02_Atom Hook/02_Atom Hook.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | 头文件
20 |
21 |
22 | 头文件
23 |
24 |
25 |
26 |
27 | 源文件
28 |
29 |
30 | 源文件
31 |
32 |
33 | 源文件
34 |
35 |
36 |
--------------------------------------------------------------------------------
/优化inline hook/02_Atom Hook/02_Atom Hook.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/优化inline hook/02_Atom Hook/dllmain.cpp:
--------------------------------------------------------------------------------
1 | // dllmain.cpp : 定义 DLL 应用程序的入口点。
2 | #include "stdafx.h"
3 |
4 | BOOL APIENTRY DllMain( HMODULE hModule,
5 | DWORD ul_reason_for_call,
6 | LPVOID lpReserved
7 | )
8 | {
9 | switch (ul_reason_for_call)
10 | {
11 | case DLL_PROCESS_ATTACH:
12 | InHook();
13 | break;
14 |
15 | case DLL_PROCESS_DETACH:
16 | UnHook();
17 | break;
18 | }
19 | return TRUE;
20 | }
21 |
22 |
--------------------------------------------------------------------------------
/优化inline hook/02_Atom Hook/stdafx.cpp:
--------------------------------------------------------------------------------
1 | #include "stdafx.h"
2 |
--------------------------------------------------------------------------------
/优化inline hook/02_Atom Hook/stdafx.h:
--------------------------------------------------------------------------------
1 | // stdafx.h: 标准系统包含文件的包含文件,
2 | // 或是经常使用但不常更改的
3 | // 项目特定的包含文件
4 | //
5 |
6 | #pragma once
7 |
8 | #include "targetver.h"
9 |
10 | #define WIN32_LEAN_AND_MEAN // 从 Windows 头文件中排除极少使用的内容
11 | // Windows 头文件
12 | #include
13 |
14 | void InHook();
15 |
16 | void UnHook();
17 |
18 | // 声明自己的函数
19 | int
20 | WINAPI
21 | MyMsg(_In_opt_ HWND hWnd,
22 | _In_opt_ LPCWSTR lpText,
23 | _In_opt_ LPCWSTR lpCaption,
24 | _In_ UINT uType);
25 |
26 |
27 | // 在此处引用程序需要的其他标头
28 |
--------------------------------------------------------------------------------
/优化inline hook/02_Atom Hook/targetver.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | // 包括 SDKDDKVer.h 将定义可用的最高版本的 Windows 平台。
4 |
5 | // 如果要为以前的 Windows 平台生成应用程序,请包括 WinSDKVer.h,并
6 | // 将 _WIN32_WINNT 宏设置为要支持的平台,然后再包括 SDKDDKVer.h。
7 |
8 | #include
9 |
--------------------------------------------------------------------------------
/优化inline hook/03_Semaphore Hook/03_Semaphore Hook.cpp:
--------------------------------------------------------------------------------
1 | // 03_Semaphore Hook.cpp : 定义 DLL 应用程序的导出函数。
2 | //
3 |
4 | #include "stdafx.h"
5 |
6 |
7 | // 原函数的地址数据
8 | BYTE g_OldData[5];
9 | // 替换后的数据
10 | BYTE g_NewData[5] = { 0xE9 };
11 |
12 | // 安装钩子
13 | void InHook()
14 | {
15 | // *获取到名为"九阳道人"的信号量
16 | HANDLE Semaphore = OpenSemaphore(
17 | SEMAPHORE_ALL_ACCESS, FALSE, L"九阳道人");
18 |
19 | // *把信号减为0,锁定当前线程
20 | WaitForSingleObject(Semaphore, -1);
21 |
22 | // 保存原函数地址
23 | memcpy(g_OldData, MessageBoxW, 5);
24 | // 计算出要跳转的偏移(自己的函数地址 - 原函数地址 - 5)
25 | DWORD Offset = (DWORD)MyMsg - (DWORD)MessageBoxW - 5;
26 | *(DWORD*)(g_NewData + 1) = Offset;
27 | // 修改内存属性
28 | DWORD Protect;
29 | VirtualProtect(MessageBoxW, 5, PAGE_EXECUTE_READWRITE, &Protect);
30 | // 替换函数地址
31 | memcpy(MessageBoxW, g_NewData, 5);
32 | // 还原内存属性
33 | VirtualProtect(MessageBoxW, 5, Protect, &Protect);
34 |
35 | // *把信号加1
36 | LONG Count = 0;
37 | ReleaseSemaphore(Semaphore, 1, &Count);
38 | }
39 |
40 | // 卸载钩子
41 | void UnHook()
42 | {
43 | DWORD Protect;
44 | VirtualProtect(MessageBoxW, 5, PAGE_EXECUTE_READWRITE, &Protect);
45 | memcpy(MessageBoxW, g_OldData, 5);
46 | VirtualProtect(MessageBoxW, 5, Protect, &Protect);
47 | }
48 |
49 | // 自己的Hook函数
50 | int
51 | WINAPI
52 | MyMsg(
53 | _In_opt_ HWND hWnd,
54 | _In_opt_ LPCWSTR lpText,
55 | _In_opt_ LPCWSTR lpCaption,
56 | _In_ UINT uType)
57 | {
58 | // 替换字符串
59 | lpText = L"九阳道人信号量线程同步注入成功!";
60 | lpCaption = L"九阳道人";
61 |
62 | // 先卸载钩子
63 | UnHook();
64 | // 在调用真正的MessageBoxW函数
65 | int nRet = MessageBoxW(hWnd, lpText, lpCaption, uType);
66 | // 最后在把钩子装上
67 | InHook();
68 |
69 | return nRet;
70 | }
71 |
--------------------------------------------------------------------------------
/优化inline hook/03_Semaphore Hook/03_Semaphore Hook.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | 15.0
23 | {E3C9D5A1-7C46-49E0-89F0-BFA8C7DD4F93}
24 | Win32Proj
25 | My03SemaphoreHook
26 | 10.0.17763.0
27 |
28 |
29 |
30 | DynamicLibrary
31 | true
32 | v141
33 | Unicode
34 |
35 |
36 | DynamicLibrary
37 | false
38 | v141
39 | true
40 | Unicode
41 |
42 |
43 | DynamicLibrary
44 | true
45 | v141
46 | Unicode
47 |
48 |
49 | DynamicLibrary
50 | false
51 | v141
52 | true
53 | Unicode
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 | true
75 |
76 |
77 | true
78 |
79 |
80 | false
81 |
82 |
83 | false
84 |
85 |
86 |
87 | Use
88 | Level3
89 | Disabled
90 | true
91 | WIN32;_DEBUG;MY03SEMAPHOREHOOK_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
92 | true
93 |
94 |
95 | Windows
96 | true
97 |
98 |
99 |
100 |
101 | Use
102 | Level3
103 | Disabled
104 | true
105 | _DEBUG;MY03SEMAPHOREHOOK_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
106 | true
107 |
108 |
109 | Windows
110 | true
111 |
112 |
113 |
114 |
115 | Use
116 | Level3
117 | MaxSpeed
118 | true
119 | true
120 | true
121 | WIN32;NDEBUG;MY03SEMAPHOREHOOK_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
122 | true
123 |
124 |
125 | Windows
126 | true
127 | true
128 | true
129 |
130 |
131 |
132 |
133 | Use
134 | Level3
135 | MaxSpeed
136 | true
137 | true
138 | true
139 | NDEBUG;MY03SEMAPHOREHOOK_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
140 | true
141 |
142 |
143 | Windows
144 | true
145 | true
146 | true
147 |
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
156 |
157 | Create
158 | Create
159 | Create
160 | Create
161 |
162 |
163 |
164 |
165 |
166 |
--------------------------------------------------------------------------------
/优化inline hook/03_Semaphore Hook/03_Semaphore Hook.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | 头文件
20 |
21 |
22 | 头文件
23 |
24 |
25 |
26 |
27 | 源文件
28 |
29 |
30 | 源文件
31 |
32 |
33 | 源文件
34 |
35 |
36 |
--------------------------------------------------------------------------------
/优化inline hook/03_Semaphore Hook/03_Semaphore Hook.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/优化inline hook/03_Semaphore Hook/dllmain.cpp:
--------------------------------------------------------------------------------
1 | // dllmain.cpp : 定义 DLL 应用程序的入口点。
2 | #include "stdafx.h"
3 |
4 | BOOL APIENTRY DllMain( HMODULE hModule,
5 | DWORD ul_reason_for_call,
6 | LPVOID lpReserved
7 | )
8 | {
9 | switch (ul_reason_for_call)
10 | {
11 | case DLL_PROCESS_ATTACH:
12 | InHook();
13 | break;
14 |
15 | case DLL_PROCESS_DETACH:
16 | UnHook();
17 | break;
18 | }
19 | return TRUE;
20 | }
21 |
22 |
--------------------------------------------------------------------------------
/优化inline hook/03_Semaphore Hook/stdafx.cpp:
--------------------------------------------------------------------------------
1 | #include "stdafx.h"
2 |
--------------------------------------------------------------------------------
/优化inline hook/03_Semaphore Hook/stdafx.h:
--------------------------------------------------------------------------------
1 | // stdafx.h: 标准系统包含文件的包含文件,
2 | // 或是经常使用但不常更改的
3 | // 项目特定的包含文件
4 | //
5 |
6 | #pragma once
7 |
8 | #include "targetver.h"
9 |
10 | #define WIN32_LEAN_AND_MEAN // 从 Windows 头文件中排除极少使用的内容
11 | // Windows 头文件
12 | #include
13 |
14 | // 声明自己的函数
15 | int
16 | WINAPI
17 | MyMsg(_In_opt_ HWND hWnd,
18 | _In_opt_ LPCWSTR lpText,
19 | _In_opt_ LPCWSTR lpCaption,
20 | _In_ UINT uType);
21 |
22 | void InHook();
23 |
24 | void UnHook();
25 |
26 | // 在此处引用程序需要的其他标头
27 |
--------------------------------------------------------------------------------
/优化inline hook/03_Semaphore Hook/targetver.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | // 包括 SDKDDKVer.h 将定义可用的最高版本的 Windows 平台。
4 |
5 | // 如果要为以前的 Windows 平台生成应用程序,请包括 WinSDKVer.h,并
6 | // 将 _WIN32_WINNT 宏设置为要支持的平台,然后再包括 SDKDDKVer.h。
7 |
8 | #include
9 |
--------------------------------------------------------------------------------
/优化inline hook/04_Hotfixes Hook/04_Hotfixes Hook.cpp:
--------------------------------------------------------------------------------
1 | // 04_Hotfixes Hook.cpp : 定义 DLL 应用程序的导出函数。
2 | //
3 |
4 | #include "stdafx.h"
5 |
6 | // 旧地址
7 | BYTE g_OldData[5];
8 | // 新地址
9 | BYTE g_NewData[5] = { 0xE9 };
10 |
11 | // 声明hook的函数类型
12 | typedef int (WINAPI*FnMsg)(
13 | _In_opt_ HWND hWnd,
14 | _In_opt_ LPCWSTR lpText,
15 | _In_opt_ LPCWSTR lpCaption,
16 | _In_ UINT uType);
17 |
18 | void InHook()
19 | {
20 | // 保存旧地址的前两个字节
21 | memcpy(g_OldData, MessageBoxW, 2);
22 | //memcpy(g_OldData, (const void*)((DWORD)MessageBoxW - 5), 7);
23 |
24 | // 跳转到5个字节之前的位置的字节码
25 | BYTE pByte[2] = { 0xEB,0xF9 };
26 |
27 | // 优化程序
28 | if (*(BYTE*)MessageBoxW == 0xEB)
29 | return;
30 |
31 | // 计算偏移
32 | DWORD Offset = (DWORD)MyMsg - (DWORD)MessageBoxW;
33 | *(DWORD*)(g_NewData + 1) = Offset;
34 |
35 | // 修改内存属性
36 | DWORD Protect;
37 | VirtualProtect((LPVOID)((DWORD)MessageBoxW - 5), 7, PAGE_EXECUTE_READWRITE, &Protect);
38 |
39 | // 修改函数地址数据
40 | memcpy((LPVOID)((DWORD)MessageBoxW - 5), g_NewData, 5);
41 | memcpy(MessageBoxW, pByte, 2);
42 |
43 | // 还原内存属性
44 | VirtualProtect((LPVOID)((DWORD)MessageBoxW - 5), 7, Protect, &Protect);
45 | }
46 |
47 | void UnHook()
48 | {
49 | DWORD Protect;
50 | VirtualProtect(MessageBoxW, 2, PAGE_EXECUTE_READWRITE, &Protect);
51 | memcpy(MessageBoxW, g_OldData, 2);
52 | VirtualProtect(MessageBoxW, 2, Protect, &Protect);
53 | }
54 |
55 |
56 | int
57 | WINAPI
58 | MyMsg(
59 | _In_opt_ HWND hWnd,
60 | _In_opt_ LPCWSTR lpText,
61 | _In_opt_ LPCWSTR lpCaption,
62 | _In_ UINT uType)
63 | {
64 | lpText = L"九阳道人修改7字节内联HOOK注入成功";
65 | lpCaption = L"九阳道人";
66 |
67 | //FARPROC pFunc = GetProcAddress(GetModuleHandleA("user32.dll"), "MessageBoxW");
68 | FARPROC pFunc = (FARPROC)((DWORD)MessageBoxW + 2);
69 | int han = ((FnMsg)pFunc)(hWnd, lpText, lpCaption, uType);
70 |
71 | return han;
72 | }
73 |
--------------------------------------------------------------------------------
/优化inline hook/04_Hotfixes Hook/04_Hotfixes Hook.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | 15.0
23 | {E59FFDD4-1D6B-4DE4-B151-6B3ECAE3245B}
24 | Win32Proj
25 | My04HotfixesHook
26 | 10.0.17763.0
27 |
28 |
29 |
30 | DynamicLibrary
31 | true
32 | v141
33 | Unicode
34 |
35 |
36 | DynamicLibrary
37 | false
38 | v141
39 | true
40 | Unicode
41 |
42 |
43 | DynamicLibrary
44 | true
45 | v141
46 | Unicode
47 |
48 |
49 | DynamicLibrary
50 | false
51 | v141
52 | true
53 | Unicode
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 | true
75 |
76 |
77 | true
78 |
79 |
80 | false
81 |
82 |
83 | false
84 |
85 |
86 |
87 | Use
88 | Level3
89 | Disabled
90 | true
91 | WIN32;_DEBUG;MY04HOTFIXESHOOK_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
92 | true
93 |
94 |
95 | Windows
96 | true
97 |
98 |
99 |
100 |
101 | Use
102 | Level3
103 | Disabled
104 | true
105 | _DEBUG;MY04HOTFIXESHOOK_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
106 | true
107 |
108 |
109 | Windows
110 | true
111 |
112 |
113 |
114 |
115 | Use
116 | Level3
117 | MaxSpeed
118 | true
119 | true
120 | true
121 | WIN32;NDEBUG;MY04HOTFIXESHOOK_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
122 | true
123 |
124 |
125 | Windows
126 | true
127 | true
128 | true
129 |
130 |
131 |
132 |
133 | Use
134 | Level3
135 | MaxSpeed
136 | true
137 | true
138 | true
139 | NDEBUG;MY04HOTFIXESHOOK_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
140 | true
141 |
142 |
143 | Windows
144 | true
145 | true
146 | true
147 |
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
156 |
157 | Create
158 | Create
159 | Create
160 | Create
161 |
162 |
163 |
164 |
165 |
166 |
--------------------------------------------------------------------------------
/优化inline hook/04_Hotfixes Hook/04_Hotfixes Hook.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | 头文件
20 |
21 |
22 | 头文件
23 |
24 |
25 |
26 |
27 | 源文件
28 |
29 |
30 | 源文件
31 |
32 |
33 | 源文件
34 |
35 |
36 |
--------------------------------------------------------------------------------
/优化inline hook/04_Hotfixes Hook/04_Hotfixes Hook.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/优化inline hook/04_Hotfixes Hook/dllmain.cpp:
--------------------------------------------------------------------------------
1 | // dllmain.cpp : 定义 DLL 应用程序的入口点。
2 | #include "stdafx.h"
3 |
4 | BOOL APIENTRY DllMain( HMODULE hModule,
5 | DWORD ul_reason_for_call,
6 | LPVOID lpReserved
7 | )
8 | {
9 | switch (ul_reason_for_call)
10 | {
11 | case DLL_PROCESS_ATTACH:
12 | InHook();
13 | break;
14 |
15 | case DLL_PROCESS_DETACH:
16 | UnHook();
17 | break;
18 | }
19 | return TRUE;
20 | }
21 |
22 |
--------------------------------------------------------------------------------
/优化inline hook/04_Hotfixes Hook/stdafx.cpp:
--------------------------------------------------------------------------------
1 | #include "stdafx.h"
2 |
--------------------------------------------------------------------------------
/优化inline hook/04_Hotfixes Hook/stdafx.h:
--------------------------------------------------------------------------------
1 | // stdafx.h: 标准系统包含文件的包含文件,
2 | // 或是经常使用但不常更改的
3 | // 项目特定的包含文件
4 | //
5 |
6 | #pragma once
7 |
8 | #include "targetver.h"
9 |
10 | #define WIN32_LEAN_AND_MEAN // 从 Windows 头文件中排除极少使用的内容
11 | // Windows 头文件
12 | #include
13 |
14 | int
15 | WINAPI
16 | MyMsg(
17 | _In_opt_ HWND hWnd,
18 | _In_opt_ LPCWSTR lpText,
19 | _In_opt_ LPCWSTR lpCaption,
20 | _In_ UINT uType);
21 |
22 | void InHook();
23 |
24 | void UnHook();
25 |
26 | // 在此处引用程序需要的其他标头
27 |
--------------------------------------------------------------------------------
/优化inline hook/04_Hotfixes Hook/targetver.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | // 包括 SDKDDKVer.h 将定义可用的最高版本的 Windows 平台。
4 |
5 | // 如果要为以前的 Windows 平台生成应用程序,请包括 WinSDKVer.h,并
6 | // 将 _WIN32_WINNT 宏设置为要支持的平台,然后再包括 SDKDDKVer.h。
7 |
8 | #include
9 |
--------------------------------------------------------------------------------
/优化inline hook/内联Hook线程安全.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.28307.421
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "00_远程线程注入", "内联Hook线程安全\内联Hook线程安全.vcxproj", "{CDF37DE3-57BE-4A37-9554-6E85ADA3C1B7}"
7 | EndProject
8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "01_Inline Hook", "01_Inline Hook\01_Inline Hook.vcxproj", "{096079CD-D34D-41E7-BFA9-BEB0F1DDEDD3}"
9 | EndProject
10 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "02_Atom Hook", "02_Atom Hook\02_Atom Hook.vcxproj", "{19512D3E-1352-4306-9CDA-59F0E4C8AAB9}"
11 | EndProject
12 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "03_Semaphore Hook", "03_Semaphore Hook\03_Semaphore Hook.vcxproj", "{E3C9D5A1-7C46-49E0-89F0-BFA8C7DD4F93}"
13 | EndProject
14 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "04_Hotfixes Hook", "04_Hotfixes Hook\04_Hotfixes Hook.vcxproj", "{E59FFDD4-1D6B-4DE4-B151-6B3ECAE3245B}"
15 | EndProject
16 | Global
17 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
18 | Debug|x64 = Debug|x64
19 | Debug|x86 = Debug|x86
20 | Release|x64 = Release|x64
21 | Release|x86 = Release|x86
22 | EndGlobalSection
23 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
24 | {CDF37DE3-57BE-4A37-9554-6E85ADA3C1B7}.Debug|x64.ActiveCfg = Debug|x64
25 | {CDF37DE3-57BE-4A37-9554-6E85ADA3C1B7}.Debug|x64.Build.0 = Debug|x64
26 | {CDF37DE3-57BE-4A37-9554-6E85ADA3C1B7}.Debug|x86.ActiveCfg = Debug|Win32
27 | {CDF37DE3-57BE-4A37-9554-6E85ADA3C1B7}.Debug|x86.Build.0 = Debug|Win32
28 | {CDF37DE3-57BE-4A37-9554-6E85ADA3C1B7}.Release|x64.ActiveCfg = Release|x64
29 | {CDF37DE3-57BE-4A37-9554-6E85ADA3C1B7}.Release|x64.Build.0 = Release|x64
30 | {CDF37DE3-57BE-4A37-9554-6E85ADA3C1B7}.Release|x86.ActiveCfg = Release|Win32
31 | {CDF37DE3-57BE-4A37-9554-6E85ADA3C1B7}.Release|x86.Build.0 = Release|Win32
32 | {096079CD-D34D-41E7-BFA9-BEB0F1DDEDD3}.Debug|x64.ActiveCfg = Debug|x64
33 | {096079CD-D34D-41E7-BFA9-BEB0F1DDEDD3}.Debug|x64.Build.0 = Debug|x64
34 | {096079CD-D34D-41E7-BFA9-BEB0F1DDEDD3}.Debug|x86.ActiveCfg = Debug|Win32
35 | {096079CD-D34D-41E7-BFA9-BEB0F1DDEDD3}.Debug|x86.Build.0 = Debug|Win32
36 | {096079CD-D34D-41E7-BFA9-BEB0F1DDEDD3}.Release|x64.ActiveCfg = Release|x64
37 | {096079CD-D34D-41E7-BFA9-BEB0F1DDEDD3}.Release|x64.Build.0 = Release|x64
38 | {096079CD-D34D-41E7-BFA9-BEB0F1DDEDD3}.Release|x86.ActiveCfg = Release|Win32
39 | {096079CD-D34D-41E7-BFA9-BEB0F1DDEDD3}.Release|x86.Build.0 = Release|Win32
40 | {19512D3E-1352-4306-9CDA-59F0E4C8AAB9}.Debug|x64.ActiveCfg = Debug|x64
41 | {19512D3E-1352-4306-9CDA-59F0E4C8AAB9}.Debug|x64.Build.0 = Debug|x64
42 | {19512D3E-1352-4306-9CDA-59F0E4C8AAB9}.Debug|x86.ActiveCfg = Debug|Win32
43 | {19512D3E-1352-4306-9CDA-59F0E4C8AAB9}.Debug|x86.Build.0 = Debug|Win32
44 | {19512D3E-1352-4306-9CDA-59F0E4C8AAB9}.Release|x64.ActiveCfg = Release|x64
45 | {19512D3E-1352-4306-9CDA-59F0E4C8AAB9}.Release|x64.Build.0 = Release|x64
46 | {19512D3E-1352-4306-9CDA-59F0E4C8AAB9}.Release|x86.ActiveCfg = Release|Win32
47 | {19512D3E-1352-4306-9CDA-59F0E4C8AAB9}.Release|x86.Build.0 = Release|Win32
48 | {E3C9D5A1-7C46-49E0-89F0-BFA8C7DD4F93}.Debug|x64.ActiveCfg = Debug|x64
49 | {E3C9D5A1-7C46-49E0-89F0-BFA8C7DD4F93}.Debug|x64.Build.0 = Debug|x64
50 | {E3C9D5A1-7C46-49E0-89F0-BFA8C7DD4F93}.Debug|x86.ActiveCfg = Debug|Win32
51 | {E3C9D5A1-7C46-49E0-89F0-BFA8C7DD4F93}.Debug|x86.Build.0 = Debug|Win32
52 | {E3C9D5A1-7C46-49E0-89F0-BFA8C7DD4F93}.Release|x64.ActiveCfg = Release|x64
53 | {E3C9D5A1-7C46-49E0-89F0-BFA8C7DD4F93}.Release|x64.Build.0 = Release|x64
54 | {E3C9D5A1-7C46-49E0-89F0-BFA8C7DD4F93}.Release|x86.ActiveCfg = Release|Win32
55 | {E3C9D5A1-7C46-49E0-89F0-BFA8C7DD4F93}.Release|x86.Build.0 = Release|Win32
56 | {E59FFDD4-1D6B-4DE4-B151-6B3ECAE3245B}.Debug|x64.ActiveCfg = Debug|x64
57 | {E59FFDD4-1D6B-4DE4-B151-6B3ECAE3245B}.Debug|x64.Build.0 = Debug|x64
58 | {E59FFDD4-1D6B-4DE4-B151-6B3ECAE3245B}.Debug|x86.ActiveCfg = Debug|Win32
59 | {E59FFDD4-1D6B-4DE4-B151-6B3ECAE3245B}.Debug|x86.Build.0 = Debug|Win32
60 | {E59FFDD4-1D6B-4DE4-B151-6B3ECAE3245B}.Release|x64.ActiveCfg = Release|x64
61 | {E59FFDD4-1D6B-4DE4-B151-6B3ECAE3245B}.Release|x64.Build.0 = Release|x64
62 | {E59FFDD4-1D6B-4DE4-B151-6B3ECAE3245B}.Release|x86.ActiveCfg = Release|Win32
63 | {E59FFDD4-1D6B-4DE4-B151-6B3ECAE3245B}.Release|x86.Build.0 = Release|Win32
64 | EndGlobalSection
65 | GlobalSection(SolutionProperties) = preSolution
66 | HideSolutionNode = FALSE
67 | EndGlobalSection
68 | GlobalSection(ExtensibilityGlobals) = postSolution
69 | SolutionGuid = {FC290DD0-09B8-4CFD-A67D-6854B0E36FDF}
70 | EndGlobalSection
71 | EndGlobal
72 |
--------------------------------------------------------------------------------
/优化inline hook/内联Hook线程安全/pch.cpp:
--------------------------------------------------------------------------------
1 | // pch.cpp: 与预编译标头对应的源文件;编译成功所必需的
2 |
3 | #include "pch.h"
4 |
5 | // 一般情况下,忽略此文件,但如果你使用的是预编译标头,请保留它。
6 |
--------------------------------------------------------------------------------
/优化inline hook/内联Hook线程安全/pch.h:
--------------------------------------------------------------------------------
1 | // 入门提示:
2 | // 1. 使用解决方案资源管理器窗口添加/管理文件
3 | // 2. 使用团队资源管理器窗口连接到源代码管理
4 | // 3. 使用输出窗口查看生成输出和其他消息
5 | // 4. 使用错误列表窗口查看错误
6 | // 5. 转到“项目”>“添加新项”以创建新的代码文件,或转到“项目”>“添加现有项”以将现有代码文件添加到项目
7 | // 6. 将来,若要再次打开此项目,请转到“文件”>“打开”>“项目”并选择 .sln 文件
8 |
9 | #ifndef PCH_H
10 | #define PCH_H
11 |
12 | // TODO: 添加要在此处预编译的标头
13 |
14 | #endif //PCH_H
15 |
--------------------------------------------------------------------------------
/优化inline hook/内联Hook线程安全/内联Hook线程安全.cpp:
--------------------------------------------------------------------------------
1 | // 内联Hook线程安全.cpp : 此文件包含 "main" 函数。程序执行将在此处开始并结束。
2 | //
3 |
4 | #include "pch.h"
5 | #include
6 | #include
7 |
8 |
9 | void InjectDll(HWND hWnd, const char* dllPath)
10 | {
11 | //获取PID打开其进程
12 | DWORD dwPid = 0;
13 | GetWindowThreadProcessId(hWnd, &dwPid);
14 | HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPid);
15 | if (!hProcess) {
16 | printf("打开进程失败\n");
17 | getchar();
18 | return;
19 | }
20 |
21 | //在被注入的进程中分配一块虚拟内存
22 | LPVOID lpAddr = VirtualAllocEx(hProcess,
23 | NULL, MAX_PATH, MEM_COMMIT, PAGE_READWRITE);
24 | if (!lpAddr) {
25 | printf("分配内存失败\n");
26 | getchar();
27 | return;
28 | }
29 |
30 | //把dll路径注入到目标进程中
31 | DWORD dwWrite = 0;
32 | WriteProcessMemory(hProcess, lpAddr,
33 | dllPath, strlen(dllPath) + 1, &dwWrite);
34 | if (strlen(dllPath) + 1 != dwWrite)
35 | {
36 | printf("dll路径写入失败\n");
37 | getchar();
38 | return;
39 | }
40 |
41 | HANDLE hThread = CreateRemoteThread(hProcess, 0, 0,
42 | (LPTHREAD_START_ROUTINE)LoadLibraryA, lpAddr, 0, 0);
43 | if (!hThread)
44 | {
45 | printf("创建远程线程失败错误码:%d\n", GetLastError());
46 | getchar();
47 | return;
48 | }
49 |
50 | //等待线程结束
51 | WaitForSingleObject(hThread, INFINITE);
52 | VirtualFreeEx(hProcess, lpAddr, MAX_PATH, MEM_RESERVE);
53 | CloseHandle(hThread);
54 | CloseHandle(hProcess);
55 | }
56 |
57 | // 提权操作
58 | BOOL SetPrivilege(LPCTSTR lpszPrivilege, BOOL bEnablePrivilege)
59 | {
60 | TOKEN_PRIVILEGES tp;
61 | HANDLE hToken;
62 | LUID luid;
63 |
64 | // 打开令牌
65 | if (!OpenProcessToken(GetCurrentProcess(),
66 | TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
67 | &hToken))
68 | {
69 | printf("OpenProcessToken error: %u\n", GetLastError());
70 | return FALSE;
71 | }
72 |
73 | // 获取LUID
74 | if (!LookupPrivilegeValue(
75 | NULL, // lookup privilege on local system
76 | lpszPrivilege, // privilege to lookup
77 | &luid)) // receives LUID of privilege
78 | {
79 | printf("LookupPrivilegeValue error: %u\n", GetLastError());
80 | return FALSE;
81 | }
82 |
83 | tp.PrivilegeCount = 1;
84 | tp.Privileges[0].Luid = luid;
85 | if (bEnablePrivilege)
86 | tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
87 | else
88 | tp.Privileges[0].Attributes = 0;
89 |
90 | // 修改权限
91 | if (!AdjustTokenPrivileges(hToken,
92 | FALSE,
93 | &tp,
94 | sizeof(TOKEN_PRIVILEGES),
95 | (PTOKEN_PRIVILEGES)NULL,
96 | (PDWORD)NULL))
97 | {
98 | printf("AdjustTokenPrivileges error: %u\n", GetLastError());
99 | return FALSE;
100 | }
101 |
102 | if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
103 | {
104 | printf("The token does not have the specified privilege. \n");
105 | return FALSE;
106 | }
107 |
108 | return TRUE;
109 | }
110 |
111 |
112 |
113 | // 普通的内联Hook
114 | //#define DLL_NAME "D:\\C++练习3\\内联Hook线程安全\\Debug\\01_Inline Hook.dll"
115 | // 原子操作内联Hook
116 | //#define DLL_NAME "D:\\C++练习3\\内联Hook线程安全\\Debug\\02_Atom Hook.dll"
117 | // 信号量操作Hook
118 | //#define DLL_NAME "D:\\C++练习3\\内联Hook线程安全\\Debug\\03_Semaphore Hook.dll"
119 | // 修改7字节内联Hook
120 | #define DLL_NAME "D:\\C++练习3\\内联Hook线程安全\\Debug\\04_Hotfixes Hook.dll"
121 |
122 | //#define DLL_NAME "C:\\Users\\15pb - win7\\Desktop\\1231"
123 |
124 |
125 |
126 | int main()
127 | {
128 |
129 | /*使用信号量Hook时才用到*/
130 | //CreateSemaphore(NULL, 1, 1, L"九阳道人");
131 |
132 | //获取目标进程句柄
133 | HWND hWnd = FindWindowA(NULL, "Z测试程序");
134 |
135 | //提升特权
136 | SetPrivilege(SE_DEBUG_NAME, TRUE);
137 |
138 | //注入函数
139 | InjectDll(hWnd, DLL_NAME);
140 | return 0;
141 | }
142 |
143 |
--------------------------------------------------------------------------------
/优化inline hook/内联Hook线程安全/内联Hook线程安全.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | 15.0
23 | {CDF37DE3-57BE-4A37-9554-6E85ADA3C1B7}
24 | Win32Proj
25 | 内联Hook线程安全
26 | 10.0.17763.0
27 | 00_远程线程注入
28 |
29 |
30 |
31 | Application
32 | true
33 | v141
34 | Unicode
35 |
36 |
37 | Application
38 | false
39 | v141
40 | true
41 | Unicode
42 |
43 |
44 | Application
45 | true
46 | v141
47 | Unicode
48 |
49 |
50 | Application
51 | false
52 | v141
53 | true
54 | Unicode
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 | true
76 |
77 |
78 | true
79 |
80 |
81 | false
82 |
83 |
84 | false
85 |
86 |
87 |
88 | Use
89 | Level3
90 | Disabled
91 | true
92 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
93 | true
94 | pch.h
95 |
96 |
97 | Console
98 | true
99 |
100 |
101 |
102 |
103 | Use
104 | Level3
105 | Disabled
106 | true
107 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions)
108 | true
109 | pch.h
110 |
111 |
112 | Console
113 | true
114 |
115 |
116 |
117 |
118 | Use
119 | Level3
120 | MaxSpeed
121 | true
122 | true
123 | true
124 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
125 | true
126 | pch.h
127 |
128 |
129 | Console
130 | true
131 | true
132 | true
133 |
134 |
135 |
136 |
137 | Use
138 | Level3
139 | MaxSpeed
140 | true
141 | true
142 | true
143 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
144 | true
145 | pch.h
146 |
147 |
148 | Console
149 | true
150 | true
151 | true
152 |
153 |
154 |
155 |
156 |
157 |
158 |
159 | Create
160 | Create
161 | Create
162 | Create
163 |
164 |
165 |
166 |
167 |
168 |
169 |
--------------------------------------------------------------------------------
/优化inline hook/内联Hook线程安全/内联Hook线程安全.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | 头文件
20 |
21 |
22 |
23 |
24 | 源文件
25 |
26 |
27 | 源文件
28 |
29 |
30 |
--------------------------------------------------------------------------------
/优化inline hook/内联Hook线程安全/内联Hook线程安全.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------